More cross-site scripting vulnerabilities
More cross-site scripting vulnerabilities from
White Hat Security:
Hotmail STYLE CSS Vulnerability [08.15.2001]
Another MS Hotmail Security Issue with further widespread implications [08.24.2001]
Radio Waves Zap Zebra Mussels. Zebra mussels, a particularly hearty invasive species, have caused millions of dollars in damage to U.S. boats and power plants. Scientists may now have a way to combat the pesky mollusks. From the Environment News Service. [Wired News]
Offensive Trojan horse can disable systems. IDG Aug 24 2001 6:29PM ET [Tech latest]
New MS Tool: Good and Bad. Microsoft’s newest ‘user-friendly’ security tool is a grand gesture by the company, experts say. But many users are alarmed at the results, and some say the friendliness of it is far too technical. By Michelle Delio. [Wired News]
[DIDS – Distributed IDS Systems] - Creating the Ultimate Security Tools (paper)
(A simple and not too bad taxonomy. Not exhaustive.)
[Security Focus]
Serious Outlook 2002 hole patched
Microsoft has patched a serious vulnerability in Outlook 2002 by which an attacker could take over one’s machine. At issue is an ActiveX feature, the Outlook View Control, which enables mail folders to be viewed via Web pages. In Outlook 2K the flaw doesn’t give up control, but could allow for minor mischief.
MS suggested a workaround last month while it worked on a patch. The job is finished now, and the crucial 2002 patch is available here, while the more or less optional 2K patch is available here.
[via Security Focus and The Register]
Network World: From May 28, 2001; Effort afoot to provide wireless LAN roaming
My commentary:
Do these people know what they’re doing?
Are they making sure their access points don’t touch actual passwords?
If not, we’ll soon see the first “false front” (and man-in-the-middle) wireless access points which will be sucking down your passwords when you walk by them.
[via Tomalak’s Realm]
Armoring Solaris: II (paper)
Firewalls are one of the fastest growing technical tools in the field of information security. However, a firewall is only as secure as the operating system it resides upon. This article is a continuation of the original Armoring Solaris article, focusing on building a minimized Solaris 8 64-bit for CheckPoint FW-1 NG firewall. This article does not include an updated script for the automated securing of the new installation, as there was in Armoring Solaris. Instead, we will be using Solaris Security Toolkit (JASS). This is a new tool developed and released by Sun for the secure deployment of the Solaris platform. In other words, I’m not going to develop a tool to automate the secure build since that tool is already out there.
[Security Focus]
See also here for other papers on Armoring Solaris, Linux, NT, firewalls, intrusion detection, etc.
Venator Realizes Its Name Is Stupid. The decision to rename the company Foot Locker Inc. calls into question the trend toward stupid corporate names. [The Motley Fool]